Creates a new custom role that is a collection of permissions. For a list of Amazon Redshift system-defined roles, see Amazon Redshift system-defined roles. Query SVV_ROLES to view the currently created roles in your cluster or workgroup.
There is a quota of the number of roles that can be created. For more information, see Quotas and limits in Amazon Redshift in the Amazon Redshift Management Guide.
Required permissions
Following are the required privileges for CREATE ROLE.
-
Superuser
-
Users with the CREATE ROLE privilege
Syntax
CREATE ROLE role_name [ EXTERNALID external_id ]
Parameters
- role_name
-
The name of the role. The role name must be unique and can't be the same as any user names. A role name can't be a reserved word.
A superuser or regular user with the CREATE ROLE privilege can create roles. A user that is not a superuser but that has been granted USAGE to the role WITH GRANT OPTION and ALTER privilege can grant this role to anyone.
- EXTERNALID external_id
-
The identifier for the role, which is associated with an identity provider. For more information, see Native identity provider (IdP) federation for Amazon Redshift.
Examples
The following example creates a role sample_role1.
CREATE ROLE sample_role1;The following example creates a role sample_role1, with an external ID
that is associated with an identity provider.
CREATE ROLE sample_role1 EXTERNALID "ABC123";